262 Open source projects that are alternatives of or similar to Stracciatella

Load a fresh new copy of ntdll.dll via file mapping to bypass API inline hook.

Search for Unix binaries that can be exploited to bypass system security restrictions.

ShellCodeLoader via DInvoke

Script collection to bypass Network Access Control (NAC, 802.1x)

The goal of this repository is to document the most common techniques to bypass AppLocker.

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Load shellcode via HELLGATE, Rewrite hellgate with .net framework for learning purpose.

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

A list of payload and bypass lists for penetration testing and red team infrastructure build.

A Golang Reverse Shell w/ a Tmux-driven psuedo-C2 Interface

Red Teaming Tactics and Techniques

Penetration tests guide based on OWASP including test cases, resources and examples.

Extensible Red Team Framework

ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.

Bypassing SSL Pinning in Facebook Android App

Linux C2 框架demo，为期2周的”黑客编程马拉松“，从学习编程语言开始到实现一个demo的产物

Go shellcode LoaDer

Monitoring GitLab for sensitive data shared publicly

Node.js package to bypass CloudFlare's anti-bot JavaScript challenges

Dumping SAM / SECURITY / SYSTEM registry hives with a Beacon Object File

Passwords Recovery Tool

Collection of PowerShell functions a Red Teamer may use to collect data from a machine

New UAC bypass for Silent Cleanup for CobaltStrike

A set of recipes useful in pentesting and red teaming scenarios

Venom - A Multi-hop Proxy for Penetration Testers

ping tunnel is a tool that advertises tcp/udp/socks5 traffic as icmp traffic for forwarding.

Undetectable Windows Payload Generation

The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.

🚀 Fast Port Scanner 🚀

Webshell Manager

A PowerShell-based toolkit and framework consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks.

DeepSea Phishing Gear

Disposable and resilient red team infrastructure with Terraform

mosquito - Automating reconnaissance and brute force attacks

备考 OSCP 的各种干货资料/渗透测试干货资料

Automation for internal Windows Penetrationtest / AD-Security

An effort to build a single place for all useful android and iOS security related stuff. All references and tools belong to their respective owners. I'm just maintaining it.

红队作战中比较常遇到的一些重点系统漏洞整理。

Monitoring your Slack workspaces for sensitive information

ARTi-C2 is a post-exploitation framework used to execute Atomic Red Team test cases with rapid payload deployment and execution capabilities via .NET's DLR.

Offline command line lookup utility for GTFOBins (https://github.com/GTFOBins/GTFOBins.github.io) and LOLBAS (https://github.com/LOLBAS-Project/LOLBAS)

The Collective. A repo for a collection of red-team projects found mostly on Github.

泰阿安全实验室-基于XUbuntu私人订制的红蓝对抗渗透操作系统

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

Using Asuswrt-Merlin to bypass AT&T's residential gateway

Bypass for PowerShell Constrained Language Mode

A PowerShell module to deploy active directory decoy objects.

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

🔺 Red Team Hardware Toolkit 🔺

Detect and bypass web application firewalls and protection systems

Project to enumerate proxy configurations and generate shellcode from CobaltStrike

Escalation / Bypass Windows UAC

A collection of electronic hacker magazines carefully curated over the years from multiple sources

This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions

Automatically spawn a reverse shell fully interactive for Linux or Windows victim

gitGraber: monitor GitHub to search and find sensitive data in real time for different online services such as: Google, Amazon, Paypal, Github, Mailgun, Facebook, Twitter, Heroku, Stripe...

Silentbridge is a toolkit for bypassing 802.1x-2010 and 802.1x-2004.

Changing values to bypass windows defender C#

cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources